Dexsport, a Web3 crypto-friendly betting platform, revealed it was compromised due to an off-chain exploit. Cybercriminals managed to withdraw $400,000 in BUSD before the vulnerability was detected and patched. The attack interrupted the workflow of the platform for a few hours. User funds were out of danger and remain in safety, the team claims. Currently, withdrawals and deposits keep going on a regular basis.
In a letter to its users, Dexsport details that, on November 30, hackers exploited a vulnerability in the off-chain part related to the case-sensitive recording of unique transaction identifiers for processing deposits and increased the balance of their wallets. After that they quickly withdrew the funds illicitly achieved. The stolen assets were the protocol’s own assets. They were used as additional liquidity for players.
“The vulnerability was not on the side of our smart contracts as they are constantly tested and audited by the leading security firms Certik and Pessimistic. We know that, in a trustless environment, the reputation is one of the main treasures, especially in a bear market. Therefore, we pay maximum attention to the high level of user experience and safety of user funds,” reads Dexsport’s official press release.
The Dexsport spokesperson added that by the beginning of the World Cup matches, the platform had fully restored its steady operations, and many users did not even notice that something had happened.
Dexsport is the first Web3 betting platform. It is deployed on the Binance Smart Chain, OKX, Polygon, and Avalanche blockchains. The project provides a secure and transparent betting system.